Product overview, functions
2.3 Industrial Ethernet Security
CP 1543-1
14
Operating Instructions, 12/2019, C79000-G8976-C289-08
S5/S7 addressing mode for FETCH/WRITE
The addressing mode can be configured for FETCH/WRITE access as S7 or S5 addressing
mode. The addressing mode specifies how the position of the start address is identified
during data access (S7 addressing mode applies only to data blocks / DBs).
Read the additional information in the online help of STEP 7.
2.3
Industrial Ethernet Security
All-round protection - the task of Industrial Ethernet Security
With Industrial Ethernet Security, individual devices, automation cells or network segments
of an Ethernet network can be protected. The data transfer from the external network
connected to the CP can be protected by various security measures:
●
Data espionage (FTPS, HTTPS)
●
Data manipulation
●
Unauthorized access
Secure underlying networks can be operated via additional Ethernet/PROFINET interfaces
implemented by the CPU or additional CPs.
Security functions of the CP for the S7-1500 station
As result of using the CP, the following security functions are accessible to the S7-1500
station on the interface to the external network:
●
Firewall
–
IP firewall with stateful packet inspection (Layer 3 and 4)
–
Firewall also for non-IP frames according to IEEE 802.3 (Layer 2)
–
Limitation of the transmission speed
–
Global and user-specific firewall rules
The protective function of the firewall can be applied to the operation of single devices or
several devices, as well as entire network segments.
●
Logging
To allow monitoring, events can be stored in log files that can be read out using STEP 7
or can be sent automatically to a Syslog server.
●
FTPS (explicit mode)
For encrypted transfer of files.
●
NTP (secure)
For secure time-of-day synchronization